Whack-A-RAT: We're talking AlphaHunt on the Breaking Badness Cybersecurity Podcast

The fastest way to threat intel is …
If you haven’t checked out THE eCrime conference, you’re…
Keep it simple. Start with Netflow…
This is the most important feature of a solid platform and resilient ecosystem….
What could you build, if the #IOC was the #Platform ?
This takes #IDS and #Netflow anomaly detection to a whole new level…
The single fastest way to get your threat intel out of slack and into your…
Traditional threat intel platforms are being deprecated by this one important feature…
I've seen presentations that prove this, and the AI does a better job at crafting phishing URLs, with higher success rates than most humans achieve. This is where we start thinking of the larger AI frameworks as layers…
The main focus of the last ~60 hours has been APIs, feeds and real-time streaming. This includes the HTTP REST API, the real-time ZeroMQ streaming API and, to some extent, WebHooks…
If you're looking to build and deploy your own #ThreatIntel platform, these are the things you should be thinking about… It should take months, not years… and you should learn from our mistakes, not just your own.
Just about every single "TIPS" platform I come across solves one problem: getting users into their ecosystem where they can hunt for things in the past. These platforms are designed to FIND breaches; thwarting them seems to be an afterthought, if at all. I can bring vulnerability data and passive DNS data into my view to see that I've been owned. If I figured that out, why can't that logic just go into my network and keep me from getting owned in the first place?
The problem wasn't trying to manage and automate the code deployment, as much as it became managing the playbooks that deployed the application(s). We could have kept those playbooks in with the core code, but that's more overhead in the repo and more people touching the core code that didn't need to…
…without ANY machine learning or NLTK magic, you have a very basic and generalized pattern (or "algo" in hipster speak) that can parse and normalize most types of feeds.
What good is threat intel, if you have to spend time thinking about it?